ssh private keys on our systems
Toshio Kuratomi
a.badger at gmail.com
Tue Oct 4 15:19:55 UTC 2011
On Tue, Oct 04, 2011 at 08:45:22AM -0600, Kevin Fenzi wrote:
> On Tue, 4 Oct 2011 07:37:38 -0700
> Darren VanBuren <onekopaka at gmail.com> wrote:
>
> > Oh, so it's more like tunnelling SSH in SSH, similar to X11 in SSH or
> > SOCKS through SSH?
> >
> > I just remember that last time I connected I think I had to use agent
> > forwarding. I may be wrong, I was tired while writing this email last
> > night.
>
> Yeah, basically using bastion simply as a way to connect to other
> sshd's.
>
> It's nice, because:
>
> - You don't need your private key on any shared systems.
>
> - You don't need to run ssh agent forwarding at all. (You can in rare
> cases when you need to copy things between internal machines).
>
One time when I've found agent forwarding unavoidable is when working on
development of code hosted in fedorahosted. Checkouts can be done
anonymously, but pushing changes back to fedorahosted needs an authenticated
ssh connection. This counts as copying things between machines but it's
common enough for what I do in infrastructure that I'd love to figure out
some way around it.
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20111004/43593a71/attachment.bin
More information about the infrastructure
mailing list